CVE-2026-45662 – Dokploy: Command Injection via incomplete shell escaping in docker logout (registry deletion)

CVE ID :CVE-2026-45662

Published : May 29, 2026, 4:16 p.m. | 15 minutes ago

Description :Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29.0 and earlier, the deleteRegistry function in Dokploy (packages/server/src/services/registry.ts) executes docker logout ${response.registryUrl} without shell escaping. In the same file, the docker login command correctly uses shEscape() to prevent command injection. This inconsistency creates a command injection vulnerability when deleting a registry with a crafted registryUrl.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-7786 – Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter Use of Hard-coded Credentials

CVE-2026-6824 – CP Plus 8 Ch. Network Video Recorder Cross-site Scripting

CVE-2026-5768 – Fourth Frontier Frontier X Mobile Application, Frontier X2 Missing Authentication for Critical Function

CVE-2026-5386 – KMW CCTV Security Cameras Unverified Password Change